As part of this Blog, I am going to regularly post technology tips for any Connecticut business to manage risks and avoid lawsuits. These tips will be based on a presentation I did for the Hartford Business Journal’s Etechnology Summit concerning technology bombs that can sink a business.
Here’s today’s tip for Connecticut businesses to avoid financial loss as a result of data loss and security breaches.
Implement a Data Loss Policy and Solution
Any business that stores third-party information or personal identifiers (credit card information, social security numbers) on its computer systems faces potential exposure under a host of privacy laws. For a good resource on privacy laws go to the Privacy Law Blog by Proskauer Rose LLP. For an example of a new privacy law in Connecticut, consider the “Act Concerning the Confidentiality of Social Security Numbers.” Connecticut’s Unfair Trade Practices Act could also be implicated in a data loss case.
Data loss or a security breach can cause a huge financial problem, bad public relations, and significant downtime. Consider the recent case of TJX reported on by Sheri Qualters for the National Law Journal. Discount retailer TJX had a data breach involving exposure of 45 million credit and debit cards. TJX entered into various settlements including payment of $9.75 million to 41 states; $30 to every consumer who used a credit or debit card; and an undisclosed settlement with three banks. Ouch.
TJX is an extreme example, but data loss can sink a small to medium-sized business. How can a business minimize its exposure to lawsuits from data loss or a security breach?
Implement a data loss policy and solution for your business. There is no one-size-fits-all policy and solution, and every business will have different needs. If you already have a policy, you should have it reviewed regularly for changes in the law. If you do not have a policy in place, you need to start somewhere. For “do-it-yourselfers” there is the Federal Trade Commission’s Guide for Business and Protecting Personal Information. The FTC’s guide is a 5-step plan from identifying your risk exposure to implementing procedures.
In addition to implementing policies, any business with a significant risk exposure for data loss (e.g., medical practices, retailers, e-commerce) should consider purchasing a cyber liability insurance policy. These policies are now more affordable, and many insurers such as The Hartford are now actively underwriting policies to cover first- and third-party data loss claims and providing ongoing resources and information.
The bottom line is, a business cannot afford to take the risk of ignoring data loss and security breach exposure. Do not wait for the first breach or lawsuit.